Data Catalog API methods that are related to Data Catalog search and metadata are deprecated and will be discontinued on January 30, 2026. See Transition from Data Catalog to Dataplex Universal Catalog. Methods that are related to policy tags and policy tag taxonomies are not deprecated.
Returns the caller's permissions on a resource. If the resource does not exist, an empty set of permissions is returned (We don't return a NOT_FOUND error).
Supported resources are: - Tag templates. - Entries. - Entry groups. Note, this method cannot be used to manage policies for BigQuery, Pub/Sub and any external Google Cloud Platform resources synced to Data Catalog.
A caller is not required to have Google IAM permission to make this request.
HTTP request
POST https://datacatalog.googleapis.com/v1beta1/{resource}:testIamPermissions
Path parameters
Parameters
resource
string
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. It takes the form projects/{project}/locations/{location}/entryGroups/{entrygroup}.
Request body
The request body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-17 UTC."],[[["\u003cp\u003eThis endpoint checks a caller's permissions on a specified resource, returning an empty set if the resource doesn't exist, rather than a \u003ccode\u003eNOT_FOUND\u003c/code\u003e error.\u003c/p\u003e\n"],["\u003cp\u003eThe supported resources for this operation include tag templates, entries, and entry groups, excluding BigQuery, Pub/Sub, and external Google Cloud Platform resources synced to Data Catalog.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request for checking permissions is a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003ehttps://datacatalog.googleapis.com/v1beta1/{resource}:testIamPermissions\u003c/code\u003e, where \u003ccode\u003e{resource}\u003c/code\u003e is a path parameter.\u003c/p\u003e\n"],["\u003cp\u003eThe request body should contain a JSON object with an array of string values representing the \u003ccode\u003epermissions\u003c/code\u003e to check for the resource.\u003c/p\u003e\n"],["\u003cp\u003eThe API call requires the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope for authorization.\u003c/p\u003e\n"]]],[],null,["# Method: projects.locations.entryGroups.testIamPermissions\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n- [Authorization scopes](#body.aspect)\n- [Try it!](#try-it)\n\n| Data Catalog is deprecated. Please use Dataplex Universal Catalog instead.\nReturns the caller's permissions on a resource. If the resource does not exist, an empty set of permissions is returned (We don't return a `NOT_FOUND` error).\n\nSupported resources are: - Tag templates. - Entries. - Entry groups. Note, this method cannot be used to manage policies for BigQuery, Pub/Sub and any external Google Cloud Platform resources synced to Data Catalog.\n\nA caller is not required to have Google IAM permission to make this request.\n\n### HTTP request\n\n`POST https://datacatalog.googleapis.com/v1beta1/{resource}:testIamPermissions`\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nIf successful, the response body contains an instance of [TestIamPermissionsResponse](/data-catalog/docs/reference/rest/Shared.Types/TestIamPermissionsResponse).\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp)."]]